weblogic.security.acl
Interface CertAuthenticator

This interface is used to perform certificate-based user
authentication. Certificate-based authentication can be performed
when a remote client makes a two-way-authenticated secure T3
connection to the server, in which case the client's certificate
chain can be used to authenticate the remote user. This removes
the need for the client to explicitly provide a username and
password.

You can use this interface to map from a certificate to a user name
according to whatever scheme is appropriate for your needs.

To specify an instance of this interface to be used by the server,
set the SSL.CertAuthenticator field on the SSL tab
in the Administration Console
to the name of a class that implements this interface. The server
will access this instance through static methods in the
CertAuthentication class.

Classes implementing this interface must have a public no-arg
constructor.

authenticate

Authenticate a user based on a certificate chain they have
presented. If the user is authenticated successfully, this
method returns the user with its WebLogic username optionally
derived from the certificate, otherwise it returns null.

Parameters:

userName - name presented by the user, if any. May be null.
Can be used or ignored, depending on the needs of
the security implementor.

certs - certificate chain presented by the user. An array
of length at least 1. The first certificate is the leaf
(i.e. end user's) certificate. If the length is greater
than 1, the array is a certificate chain, with the last element
being the root CA.

ssl - true if the certificates to check were presented by the
client during a successful two-way SSL handshake.

Returns:

user derived from certificate, if authentication
succeeded, or null if failed
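
The following is an added example, not part of the Oracle documentation or WebLogic code: one possible mapping scheme that an authenticate implementation could delegate to, written against JDK classes only. The class name SubjectDnUserMapper, the knownUsers allowlist (standing in for a realm lookup) and the sample subjects are assumptions; converting WebLogic's certificate type to a subject and turning the returned name into a user object are not shown.

```java
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added example: maps the leaf certificate's subject DN to a user name.
public class SubjectDnUserMapper {
    private final Set<String> knownUsers; // assumption: stands in for a realm lookup

    public SubjectDnUserMapper(Set<String> knownUsers) {
        this.knownUsers = knownUsers;
    }

    // Returns the mapped user name, or null when authentication must fail.
    public String map(String userName, X500Principal leafSubject, boolean ssl) {
        if (!ssl || leafSubject == null) return null; // require a completed two-way handshake
        String cn = commonName(leafSubject);
        if (cn == null || !knownUsers.contains(cn)) return null;
        if (userName != null && !userName.equals(cn)) return null; // presented name must agree
        return cn;
    }

    // Parses the DN structurally; splitting on ',' would mis-read escaped commas.
    static String commonName(X500Principal subject) {
        try {
            String cn = null;
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.size() != 1) return null; // multi-valued RDN: ambiguous, reject
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                // Reject a second CN or a binary-encoded value.
                if (cn != null || !(rdn.getValue() instanceof String)) return null;
                cn = (String) rdn.getValue();
            }
            return cn;
        } catch (InvalidNameException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        SubjectDnUserMapper m = new SubjectDnUserMapper(Set.of("alice"));
        // Constructed sample subjects, not taken from real certificates.
        X500Principal ok = new X500Principal("CN=alice, OU=Eng, O=Example");
        X500Principal escaped = new X500Principal("CN=alice\\,admin, O=Example");
        System.out.println("handshake ok: " + m.map(null, ok, true));
        System.out.println("no handshake: " + m.map(null, ok, false));
        System.out.println("name mismatch: " + m.map("bob", ok, true));
        System.out.println("escaped comma in CN: " + m.map(null, escaped, true));
    }
}
```

Every failure path returns null, matching the contract described for authenticate above.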

Copyright 1996, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.